|
|
Rob McGee <rob0@xxxxxxxxxxxxxxxxxxxxx> said: > On Tue, Feb 03, 2004 at 04:50:25PM +0100, christian laubscher wrote: > > is there a possibility to enjoy successful ping restarts besides > > letting run openvpn as root or using a 'noprivileged' socket (ie > > Just curious: why not just use a nonprivileged socket? What do you gain > from using a low port? Once your port is bound, no one else will be able > to bind it. AFAICT you're only avoiding the small likelihood of a non- > root user binding that port before you can ... ahhh, and maybe such an > attacker could intercept traffic from the peer? Is that it? I agree. Since OpenVPN doesn't have a --persist-socket option, it can't hold the socket open across restarts. This means that the socket has to be reopened from scratch after the restart which means that either you must run as root or you must use an unprivileged port. James ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Openvpn-users mailing list Openvpn-users@xxxxxxxxxxxxxxxxxxxxx https://lists.sourceforge.net/lists/listinfo/openvpn-users |